Appendices
#Contents
| File | Description |
|---|---|
| Tool Installation Guide | Installing and configuring essential pentesting tools on Kali/Parrot Linux |
| Methodology & Mindset | The pentest mindset, approach to unknown targets, and time management |
| Glossary | Definitions of pentesting, AD, Windows, Linux, and web security terms |
| Machine-to-Technique Index | Map of HTB machines to the techniques they demonstrate |
#How to Use These Appendices
- New to pentesting? Start with Methodology & Mindset, then use the Glossary as you work through technique files.
- Setting up a lab? The Tool Installation Guide provides a complete setup for a Kali/Parrot attack machine.
- Looking for examples of a technique? The Machine-to-Technique Index maps each technique to HTB machines that demonstrate it in a real context.
#Tool Categories Quick Reference
| Category | Primary Tools |
|---|---|
| Scanning | nmap, masscan, rustscan, netexec |
| Web Enumeration | gobuster, ffuf, feroxbuster, whatweb, wappalyzer |
| Web Exploitation | Burp Suite, sqlmap, ysoserial, phpggc |
| AD Enumeration | BloodHound (SharpHound/rusthound/bloodhound-python), windapsearch, ldapsearch |
| AD Exploitation | impacket suite, netexec, certipy, Rubeus, Mimikatz, bloodyAD |
| Password Attacks | hashcat, john, hydra, medusa |
| Lateral Movement | impacket (psexec/wmiexec/smbexec/atexec), evil-winrm |
| Tunneling | chisel, ligolo-ng, ssh, proxychains, socat |
| Linux PrivEsc | linpeas, pspy, GTFOBins, linux-exploit-suggester |
| Windows PrivEsc | winpeas, PowerUp, Seatbelt, PrintSpoofer, JuicyPotato, WES-NG |
| Credential Dumping | Mimikatz, procdump, secretsdump.py, LaZagne |
| Shells | msfvenom, nishang, powercat, revshells.com |